[ViewVC] Diff of: cvs/CBOR-XS/README

Comparing CBOR-XS/README (file contents):
Revision 1.12 by root, Sun Dec 1 17:10:42 2013 UTC vs.
Revision 1.17 by root, Wed Apr 27 09:40:18 2016 UTC

         code that isn't prepared for this will not leak memory.
         If $enable is false (the default), then "decode" will throw an error
         when it encounters a self-referential/cyclic data structure.
+        FUTURE DIRECTION: the motivation behind this option is to avoid
+        *real* cycles - future versions of this module might chose to decode
+        cyclic data structures using weak references when this option is
+        off, instead of throwing an error.
         This option does not affect "encode" in any way - shared values and
-        references will always be decoded properly if present.
+        references will always be encoded properly if present.
     $cbor = $cbor->pack_strings ([$enable])
     $enabled = $cbor->get_pack_strings
         If $enable is true (or missing), then "encode" will try not to
         encode the same string twice, but will instead encode a reference to
         the standard CBOR way.
         This option does not affect "decode" in any way - string references
         will always be decoded properly if present.
+    $cbor = $cbor->text_keys ([$enable])
+    $enabled = $cbor->get_text_keys
+        If $enabled is true (or missing), then "encode" will encode all perl
+        hash keys as CBOR text strings/UTF-8 string, upgrading them as
+        needed.
+        If $enable is false (the default), then "encode" will encode hash
+        keys normally - upgraded perl strings (strings internally encoded as
+        UTF-8) as CBOR text strings, and downgraded perl strings as CBOR
+        byte strings.
+        This option does not affect "decode" in any way.
+        This option is useful for interoperability with CBOR decoders that
+        don't treat byte strings as a form of text. It is especially useful
+        as Perl gives very little control over hash keys.
+        Enabling this option can be slow, as all downgraded hash keys that
+        are encoded need to be scanned and converted to UTF-8.
+    $cbor = $cbor->text_strings ([$enable])
+    $enabled = $cbor->get_text_strings
+        This option works similar to "text_keys", above, but works on all
+        strings (including hash keys), so "text_keys" has no further effect
+        after enabling "text_strings".
+        If $enabled is true (or missing), then "encode" will encode all perl
+        strings as CBOR text strings/UTF-8 strings, upgrading them as
+        needed.
+        If $enable is false (the default), then "encode" will encode strings
+        normally (but see "text_keys") - upgraded perl strings (strings
+        internally encoded as UTF-8) as CBOR text strings, and downgraded
+        perl strings as CBOR byte strings.
+        This option does not affect "decode" in any way.
+        This option has similar advantages and disadvantages as "text_keys".
+        In addition, this option effectively removes the ability to encode
+        byte strings, which might break some "FREEZE" and "TO_CBOR" methods
+        that rely on this, such as bignum encoding, so this option is mainly
+        useful for very simple data.
     $cbor = $cbor->validate_utf8 ([$enable])
     $enabled = $cbor->get_validate_utf8
         If $enable is true (or missing), then "decode" will validate that
         elements (text strings) containing UTF-8 data in fact contain valid
         UTF-8 data (instead of blindly accepting it). This validation
         The concept of "valid UTF-8" used is perl's concept, which is a
         superset of the official UTF-8.
         If $enable is false (the default), then "decode" will blindly accept
         UTF-8 data, marking them as valid UTF-8 in the resulting data
-        structure regardless of whether thats true or not.
+        structure regardless of whether that's true or not.
         Perl isn't too happy about corrupted UTF-8 in strings, but should
         generally not crash or do similarly evil things. Extensions might be
         not so forgiving, so it's recommended to turn on this setting if you
         receive untrusted CBOR.
         the next one starts.
            CBOR::XS->new->decode_prefix ("......")
            => ("...", 3)
+  INCREMENTAL PARSING
+    In some cases, there is the need for incremental parsing of JSON texts.
+    While this module always has to keep both CBOR text and resulting Perl
+    data structure in memory at one time, it does allow you to parse a CBOR
+    stream incrementally, using a similar to using "decode_prefix" to see if
+    a full CBOR object is available, but is much more efficient.
+    It basically works by parsing as much of a CBOR string as possible - if
+    the CBOR data is not complete yet, the pasrer will remember where it
+    was, to be able to restart when more data has been accumulated. Once
+    enough data is available to either decode a complete CBOR value or raise
+    an error, a real decode will be attempted.
+    A typical use case would be a network protocol that consists of sending
+    and receiving CBOR-encoded messages. The solution that works with CBOR
+    and about anything else is by prepending a length to every CBOR value,
+    so the receiver knows how many octets to read. More compact (and
+    slightly slower) would be to just send CBOR values back-to-back, as
+    "CBOR::XS" knows where a CBOR value ends, and doesn't need an explicit
+    length.
+    The following methods help with this:
+    @decoded = $cbor->incr_parse ($buffer)
+        This method attempts to decode exactly one CBOR value from the
+        beginning of the given $buffer. The value is removed from the
+        $buffer on success. When $buffer doesn't contain a complete value
+        yet, it returns nothing. Finally, when the $buffer doesn't start
+        with something that could ever be a valid CBOR value, it raises an
+        exception, just as "decode" would. In the latter case the decoder
+        state is undefined and must be reset before being able to parse
+        further.
+        This method modifies the $buffer in place. When no CBOR value can be
+        decoded, the decoder stores the current string offset. On the next
+        call, continues decoding at the place where it stopped before. For
+        this to make sense, the $buffer must begin with the same octets as
+        on previous unsuccessful calls.
+        You can call this method in scalar context, in which case it either
+        returns a decoded value or "undef". This makes it impossible to
+        distinguish between CBOR null values (which decode to "undef") and
+        an unsuccessful decode, which is often acceptable.
+    @decoded = $cbor->incr_parse_multiple ($buffer)
+        Same as "incr_parse", but attempts to decode as many CBOR values as
+        possible in one go, instead of at most one. Calls to "incr_parse"
+        and "incr_parse_multiple" can be interleaved.
+    $cbor->incr_reset
+        Resets the incremental decoder. This throws away any saved state, so
+        that subsequent calls to "incr_parse" or "incr_parse_multiple" start
+        to parse a new CBOR value from the beginning of the $buffer again.
+        This method can be caled at any time, but it *must* be called if you
+        want to change your $buffer or there was a decoding error and you
+        want to reuse the $cbor object for future incremental parsings.
 MAPPING
     This section describes how CBOR::XS maps Perl values to CBOR values and
     vice versa. These mappings are designed to "do the right thing" in most
     circumstances automatically, preserving round-tripping characteristics
     (what you put in comes out as something equivalent).
     hash references
         Perl hash references become CBOR maps. As there is no inherent
         ordering in hash keys (or CBOR maps), they will usually be encoded
         in a pseudo-random order. This order can be different each time a
-        hahs is encoded.
+        hash is encoded.
         Currently, tied hashes will use the indefinite-length format, while
         normal hashes will use the fixed-length format.
     array references
            my $x = 3.1; # some variable containing a number
            "$x";        # stringified
            $x .= "";    # another, more awkward way to stringify
            print $x;    # perl does it for you, too, quite often
-        You can force whether a string ie encoded as byte or text string by
+        You can force whether a string is encoded as byte or text string by
-        using "utf8::upgrade" and "utf8::downgrade"):
+        using "utf8::upgrade" and "utf8::downgrade" (if "text_strings" is
+        disabled):
           utf8::upgrade $x;   # encode $x as text string
           utf8::downgrade $x; # encode $x as byte string
         Perl doesn't define what operations up- and downgrade strings, so if
         the difference between byte and text is important, you should up- or
-        downgrade your string as late as possible before encoding.
+        downgrade your string as late as possible before encoding. You can
+        also force the use of CBOR text strings by using "text_keys" or
+        "text_strings".
         You can force the type to be a CBOR number by numifying it:
            my $x = "3"; # some variable containing a string
            $x += 0;     # numify it, ensuring it will be dumped as a number
           "$self" # encode url string
        }
        sub URI::THAW {
           my ($class, $serialiser, $uri) = @_;
           $class->new ($uri)
        }
     Unlike "TO_CBOR", multiple values can be returned by "FREEZE". For
     example, a "FREEZE" method that returns "type", "id" and "variant"
     Future versions of this module reserve the right to special case
     additional tags (such as base64url).
   ENFORCED TAGS
     These tags are always handled when decoding, and their handling cannot
-    be overriden by the user.
+    be overridden by the user.
     26 (perl-object, <http://cbor.schmorp.de/perl-object>)
         These tags are automatically created (and decoded) for serialisable
         objects using the "FREEZE/THAW" methods (the Types::Serialier object
         serialisation protocol). See "OBJECT SERIALISATION" for details.
-    28, 29 (shareable, sharedref, L <http://cbor.schmorp.de/value-sharing>)
+    28, 29 (shareable, sharedref, <http://cbor.schmorp.de/value-sharing>)
         These tags are automatically decoded when encountered (and they do
         not result in a cyclic data structure, see "allow_cycles"),
         resulting in shared values in the decoded object. They are only
         encoded, however, when "allow_sharing" is enabled.
         references will be shared, others will not. While non-reference
         shared values can be generated in Perl with some effort, they were
         considered too unimportant to be supported in the encoder. The
         decoder, however, will decode these values as shared values.
-    256, 25 (stringref-namespace, stringref, L
+    256, 25 (stringref-namespace, stringref,
     <http://cbor.schmorp.de/stringref>)
         These tags are automatically decoded when encountered. They are only
         encoded, however, when "pack_strings" is enabled.
     22098 (indirection, <http://cbor.schmorp.de/indirection>)
         This tag is automatically generated when a reference are encountered
-        (with the exception of hash and array refernces). It is converted to
+        (with the exception of hash and array references). It is converted
-        a reference when decoding.
+        to a reference when decoding.
     55799 (self-describe CBOR, RFC 7049)
         This value is not generated on encoding (unless explicitly requested
         by the user), and is simply ignored when decoding.
   NON-ENFORCED TAGS
     These tags have default filters provided when decoding. Their handling
-    can be overriden by changing the %CBOR::XS::FILTER entry for the tag, or
+    can be overridden by changing the %CBOR::XS::FILTER entry for the tag,
-    by providing a custom "filter" callback when decoding.
+    or by providing a custom "filter" callback when decoding.
     When they result in decoding into a specific Perl class, the module
     usually provides a corresponding "TO_CBOR" method as well.
     When any of these need to load additional modules that are not part of
     2, 3 (positive/negative bignum)
         These tags are decoded into Math::BigInt objects. The corresponding
         "Math::BigInt::TO_CBOR" method encodes "small" bigints into normal
         CBOR integers, and others into positive/negative CBOR bignums.
-    4, 5 (decimal fraction/bigfloat)
+    4, 5, 264, 265 (decimal fraction/bigfloat)
         Both decimal fractions and bigfloats are decoded into Math::BigFloat
         objects. The corresponding "Math::BigFloat::TO_CBOR" method *always*
-        encodes into a decimal fraction.
+        encodes into a decimal fraction (either tag 4 or 264).
-        CBOR cannot represent bigfloats with *very* large exponents -
-        conversion of such big float objects is undefined.
-        Also, NaN and infinities are not encoded properly.
+        NaN and infinities are not encoded properly, as they cannot be
+        represented in CBOR.
+        See "BIGNUM SECURITY CONSIDERATIONS" for more info.
+    30 (rational numbers)
+        These tags are decoded into Math::BigRat objects. The corresponding
+        "Math::BigRat::TO_CBOR" method encodes rational numbers with
+        denominator 1 via their numerator only, i.e., they become normal
+        integers or "bignums".
+        See "BIGNUM SECURITY CONSIDERATIONS" for more info.
     21, 22, 23 (expected later JSON conversion)
         CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore
         these tags.
     Also keep in mind that CBOR::XS might leak contents of your Perl data
     structures in its error messages, so when you serialise sensitive
     information you might want to make sure that exceptions thrown by
     CBOR::XS will not end up in front of untrusted eyes.
+BIGNUM SECURITY CONSIDERATIONS
+    CBOR::XS provides a "TO_CBOR" method for both Math::BigInt and
+    Math::BigFloat that tries to encode the number in the simplest possible
+    way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag
+    4) or an arbitrary-exponent decimal fraction (tag 264). Rational numbers
+    (Math::BigRat, tag 30) can also contain bignums as members.
+    CBOR::XS will also understand base-2 bigfloat or arbitrary-exponent
+    bigfloats (tags 5 and 265), but it will never generate these on its own.
+    Using the built-in Math::BigInt::Calc support, encoding and decoding
+    decimal fractions is generally fast. Decoding bigints can be slow for
+    very big numbers (tens of thousands of digits, something that could
+    potentially be caught by limiting the size of CBOR texts), and decoding
+    bigfloats or arbitrary-exponent bigfloats can be *extremely* slow
+    (minutes, decades) for large exponents (roughly 40 bit and longer).
+    Additionally, Math::BigInt can take advantage of other bignum libraries,
+    such as Math::GMP, which cannot handle big floats with large exponents,
+    and might simply abort or crash your program, due to their code quality.
+    This can be a concern if you want to parse untrusted CBOR. If it is, you
+    might want to disable decoding of tag 2 (bigint) and 3 (negative bigint)
+    types. You should also disable types 5 and 265, as these can be slow
+    even without bigints.
+    Disabling bigints will also partially or fully disable types that rely
+    on them, e.g. rational numbers that use bignums.
 CBOR IMPLEMENTATION NOTES
     This section contains some random implementation notes. They do not
     describe guaranteed behaviour, but merely behaviour as-is implemented
     right now.
     Strict mode and canonical mode are not implemented.
 LIMITATIONS ON PERLS WITHOUT 64-BIT INTEGER SUPPORT
     On perls that were built without 64 bit integer support (these are rare
-    nowadays, even on 32 bit architectures), support for any kind of 64 bit
+    nowadays, even on 32 bit architectures, as all major Perl distributions
+    are built with 64 bit integer support), support for any kind of 64 bit
     integer in CBOR is very limited - most likely, these 64 bit values will
     be truncated, corrupted, or otherwise not decoded correctly. This also
     includes string, array and map sizes that are stored as 64 bit integers.
 THREADS

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing CBOR-XS/README (file contents): Revision 1.12 by root, Sun Dec 1 17:10:42 2013 UTC vs. Revision 1.17 by root, Wed Apr 27 09:40:18 2016 UTC

Diff Legend

Comparing CBOR-XS/README (file contents):
Revision 1.12 by root, Sun Dec 1 17:10:42 2013 UTC vs.
Revision 1.17 by root, Wed Apr 27 09:40:18 2016 UTC